New Security Capabilities Announced for Microsoft 365, Azure

Microsoft on Tuesday unveiled several new security capabilities for its Microsoft 365 and Azure solutions, including for data security, compliance, and risk management.

Microsoft 365 has built-in data loss prevention capabilities for Teams, Exchange, SharePoint, OneDrive and third-party cloud apps. The new Endpoint Data Loss Prevention (DLP) solution, which is currently available in public preview, extends those DLP capabilities to the endpoint in an effort to help organizations protect sensitive information on endpoints and meet compliance requirements.

Endpoint DLP is built into Windows 10, Edge and Office apps, and security teams can see what data has been accessed and shared directly from the Microsoft 365 compliance center.

Microsoft also announced new Microsoft 365 features designed to help organizations address insider risk and code of conduct violations. These features, also available in public preview, enhance the detection and remediation capabilities in Insider Risk Management and Communication Compliance.

Specifically, the latest Insider Risk Management release expands the quality of signals used to detect potentially risky behavior associated with malicious or non-malicious insider activity. These improvements included new Windows 10 signals (e.g. copying files to a USB drive or a network share), integration with Defender ATP, additional native signals from Microsoft 365 products, and improvements to the native HR connector.

Customers are also provided new data leak policy and security policy violation templates to help them identify more risks, and Microsoft has announced integration with ServiceNow to allow incident responders to easily create tickets for identified risks.

As for Communication Compliance, which is designed to allow companies to detect violations of regulatory compliance and code of conduct (e.g. harassment and threats), Microsoft has introduced enhancements designed to make it easier to review and address potential issues.

In the case of its Azure Sentinel SIEM solution, Microsoft announced new third-party connectors that will enable organizations to easily obtain data from third-party firewall, endpoint security, network security and vulnerability management products.

Finally, Microsoft announced Double Key Encryption for Microsoft 365, which enables organizations to remain in full control of the encryption keys they use to protect their most sensitive data. Microsoft believes this will be highly useful to certain organizations, such as ones in the financial sector, which need to meet stricter compliance requirements.

“Double Key Encryption for Microsoft 365 uses two keys to protect your data, with one key in your control and the second in Microsoft’s control. To view the data, one must have access to both keys. Since Microsoft can access only one key, your data and key are unavailable to Microsoft, helping to ensure the privacy and security of your data,” Microsoft explained.

Endpoint DLP, Insider Risk Management, Communication Compliance, and Double Key Encryption are all available in public preview starting on July 21 for Microsoft 365 E5 customers.

Related: Microsoft Announces New Security Capabilities Across Platforms

Related: Microsoft Unveils New Azure, Windows Defender ATP Tools

Related: Microsoft Threat Protection Now Generally Available

Related: Microsoft Open-Sources COVID-19 Threat Intelligence

view counter

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Previous Columns by Eduard Kovacs:
Tags: